Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated malicious user to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citrix xenapp 6.5.0.0 |